Additional Materials:

Contact:

The federal government is accountable for how its agencies and grantees spend more than $2 trillion of taxpayer dollars and is responsible for safeguarding those funds against improper payments as well as for recouping those funds when improper payments occur. The Congress enacted the Improper Payments Information Act of 2002 (IPIA) and the Recovery Auditing Act to address these issues. Fiscal year 2006 marked the third year that agencies were required to report improper payment and recovery audit information in their Performance and Accountability Reports. The Department of Homeland Security (DHS) reported limited information during these 3 years. GAO was asked to (1) determine the extent to which DHS has implemented the requirements of IPIA, (2) identify actions DHS has under way to improve IPIA compliance and reporting, and (3) determine what efforts DHS has in place to recover improper payments. To accomplish this, GAO analyzed DHS's internal guidance and action plans, and reviewed information reported in its Performance and Accountability Reports.

DHS has made some progress in implementing IPIA requirements, but much more work remains for the agency to become compliant with IPIA. For example, while DHS has made progress in identifying its programs, for fiscal year 2006, the agency did not perform the required first step--a risk assessment--on approximately $13 billion of its more than $29 billion in disbursements subject to IPIA. Until DHS fully assesses its programs, the potential magnitude of improper payments is unknown. For the remaining $16 billion, DHS determined that two programs-- Individuals and Households Program (IHP) assistance payments and disaster-related vendor payments--were at high risk for issuing improper payments and reported related estimates. For the $13 billion for which no risk assessment was performed, DHS has encountered challenges with IPIA implementation. Of this amount, over $6 billion relates to payments for grant programs. Developing a plan to assess risk and potentially test grant payments is important given that the DHS Office of Inspector General, GAO, and other auditors have identified weaknesses in grant programs. This will allow DHS to gain a better understanding of its risk for improper payments and potentially reduce future improper payments. DHS has actions under way to improve IPIA reporting and compliance, but does not plan to be fully compliant in fiscal year 2007. DHS has prepared a plan to address its noncompliance with IPIA, which included updating its guidance to focus on program identification and risk assessments to build a foundation for a sustainable IPIA program. In addition, DHS has developed plans to reduce improper payments related to its two identified high-risk programs. However, until DHS fully completes the required risk assessments for all of its programs and then estimates for risk-susceptible programs, it is not known whether other programs have significant improper payments that also need to be addressed. In addition, DHS's efforts to recover improper payments could be improved. According to DHS, four of its components meet the criteria for recovery auditing as specified in the Recovery Auditing Act. These four components make at least $4 billion of contractor payments each fiscal year. DHS encountered problems that kept it from reporting on recovery audit efforts during fiscal year 2006 for three of the four components, and did not perform recovery auditing at the fourth component. In March 2007, DHS revised its guidance to clarify what is expected; however, ongoing oversight will be necessary to monitor the components' progress. In addition, DHS has reported limited information on its efforts to recover specific improper payments identified during its testing of high-risk programs. Although DHS is not currently required to do so, reporting this information would provide a more complete picture of the agency's actions to recover payments that it has identified as being improper.

Recommendations for Executive Action

Status: Closed - Implemented

Comments: To provide oversight and monitoring of components recovery auditing efforts, the Department of Homeland Security (DHS) hired contractors to perform recovery audits for their applicable components. The recovery audit work was completed in stages for DHS components and reported in the appropriate year's DHS financial report. Specifically, during fiscal year 2011 recovery audit work was completed and reported for the United States Customs and Boarder Protection for 2010 payments. During fiscal year 2010, recovery audit work was completed and reported for the United States Coast Guard and Immigrations and Customs Enforcement for 2009 payments and the Federal Emergency Management Agency for 2008 payments. DHS actions met the intent of our recommendation.

Recommendation: To help improve its efforts to implement IPIA and recover improper payments, the Secretary of Homeland Security should direct the Chief Financial Officer to provide oversight and monitor the progress of all applicable DHS components to successfully perform and report on their recovery auditing efforts.

Recommendation: To help improve its efforts to implement IPIA and recover improper payments, the Secretary of Homeland Security should direct the Chief Financial Officer to require all applicable components to determine and document how they plan to assess their grant programs to determine whether they are at high risk for issuing significant improper payments, and, if necessary, test these grant programs.

Agency Affected: Department of Homeland Security

Status: Closed - Implemented

Comments: During fiscal year 2008, the Department of Homeland Security's (DHS) Office of the Chief Financial Officer (OCFO) revised its Improper Payments Reduction Guidebook to include procedures for the OCFO to oversee and monitor DHS components' compliance with the Improper Payments Information Act (IPIA). Beginning in fiscal year 2009, DHS performed testing on all of the programs that it identified as high risk of improper payments during the risk assessment process, and prepared the necessary corrective action plans. Testing results and related corrective action plans were published in DHS' 2009 AFR. DHS' actions taken to perform risk assessments and related testing (including the OCFO's oversight of these efforts) enabled DHS' auditors to report that DHS was in compliance with IPIA in 2009 and 2010.

Recommendation: To help improve its efforts to implement IPIA and recover improper payments, the Secretary of Homeland Security should direct the Chief Financial Officer to maintain oversight and control over critical milestones identified in the DHS corrective action plan for IPIA compliance so that DHS components stay on track, specifically in regard to identifying programs and performing risk assessments and any related testing.

Agency Affected: Department of Homeland Security

Status: Closed - Implemented

Comments: On July 9, 2013, DHS's Office of Chief Financial Officer provided GAO its "Risk Management & Assurance Division, Improper Payments Program Standard Operating Procedures" (dated July 8, 2013) that documents the processes and procedures for administering DHS' Improper Payment program. The document includes procedures for reporting the amount of improper payments recovered through methods other than the Recovery Audit in DHS' annual financial report.

Recommendation: To help improve its efforts to implement IPIA and recover improper payments, the Secretary of Homeland Security should direct the Chief Financial Officer to, similar to the required reporting on efforts to recover improper payments made to contractors under the Recovery Auditing Act, develop procedures for reporting in its annual Performance and Accountability Reports on the results of yearly efforts to recover any other known improper payments identified under IPIA, by the DHS Office of the Inspector General, or other external auditors.